package com.yuchen.utils;

/**
 *@author Jack Q
 */
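public class XssUtils {

    /**
     * Escapes the characters that are significant in HTML so that {@code str}
     * can be embedded in an HTML element body or in a double/single-quoted
     * attribute value without being interpreted as markup or script. This is
     * the same contract as PHP's {@code htmlspecialchars} with
     * {@code ENT_QUOTES}: {@code & < > " '} become
     * {@code &amp; &lt; &gt; &quot; &#39;}; every other character is copied
     * through unchanged.
     *
     * <p>Why encoding instead of the previous deny-list: the old implementation
     * only rewrote the literal, case-sensitive tokens {@code <script},
     * {@code </script}, {@code eval(...)} and a quoted {@code javascript:} URL,
     * and passed everything else through. Payloads such as {@code <SCRIPT>},
     * {@code <img src=x onerror=...>}, {@code <svg onload=...>} or an unquoted
     * {@code href=javascript:...} were untouched, and the greedy
     * {@code eval\((.*)\)} / {@code javascript:(.*)} patterns could also
     * delete legitimate text between the first and last match. A blacklist of
     * tag names cannot be made safe; output encoding can.
     *
     * <p>Scope caveats a caller must respect:
     * <ul>
     *   <li>The result is safe ONLY for HTML text nodes and quoted attribute
     *       values. It is NOT sufficient inside a {@code <script>} block, a
     *       JavaScript string, a URL, a CSS value or an unquoted attribute;
     *       those contexts need their own encoder.</li>
     *   <li>Because every {@code <}/{@code >} is escaped, user-supplied rich
     *       HTML is no longer rendered as HTML. If that is required, use an
     *       allow-list HTML sanitizer instead of this method.</li>
     *   <li>Already-escaped input is escaped again ({@code &lt;} becomes
     *       {@code &amp;lt;}); escape exactly once, at output time.</li>
     * </ul>
     *
     * @param str the untrusted text to escape; may be {@code null}
     * @return the escaped text, or {@code null} when {@code str} is
     *         {@code null}; an empty string is returned unchanged
     */
    public static String htmlspecialchars(String str) {
        if (str == null) {
            return null;
        }
        // Small headroom so the common "a few special chars" case does not regrow.
        StringBuilder out = new StringBuilder(str.length() + 16);
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    // &#39; rather than &apos;: the latter is XML, not HTML 4.
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Manual demo: prints the escaped form of a sample script payload.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        System.out.println(XssUtils.htmlspecialchars("qeqweqwe<script >alert(fff)</script>"));
        System.out.println(XssUtils.htmlspecialchars("<IMG SRC=x onerror=\"alert(1)\">"));
    }
}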
